Skip to main content

Posts

Showing posts from September, 2015

Changing a Password

It's that time of the month. My corporate email account has started warning me of dire consequences if I don't change my password. I'm going to have to start thinking again of a hard-to-guess easy-to-remember never-used-before nonsense string that will be my companion till thirty days do us part. Now security experts are always telling me "industry best practice" dictates that I change my password ever so often. I never quite believed it, because it just did not add up. There just didn't seem to be a feasible attack that could take advantage of this kind of hole. After all, password changes matter only if someone is already accessing your account. If your password did get compromised, what kind of hacker would wait thirty days to take advantage of it? There are indeed some stalker scenarios where this kind of thing can be useful, where I might want to see all the emails being exchanged without doing anything for as long as that window is open but in other sc